CAPPS II: Questions that need to be answered
By Steve Lilienthal
web posted March 8, 2004
Should CAPPS II be cleared for takeoff?
The new, new thing developed by the TSA is something that they
claim will enhance aviation. But it has encountered plenty of
turbulence already.
Certainly, privacy advocates are concerned about the new
system with its color-coded risk assessment. Who gets a
cautionary yellow? A red rating means you will be forbidden to
board. What factors will determine the rating system? What
recourse do passengers who think they have been stopped
unfairly have? For that matter, just how accurate will this color-
coded system be?
The TSA admits that they have not been able to fully plan and
test the system yet. Clearly, a very important stumbling block has
been the failure of the airlines to provide, on time, the passenger data
that the TSA needs to test the system. Airlines may very
well fear that cooperating with TSA will lead to boycotts or bad
publicity. Perhaps a more important issue that may be lurking,
but one that so far has been largely undiscussed by the airlines
and the travel industry, is that the CAPPS II system will saddle
them with added costs. Reservation systems will have to be
revamped to collect the passenger authentication data required
by CAPPS II. It's an unfunded mandate imposed by the federal
government on the travel and airline industry.
But the concerns raised about the system have also been
voiced in a recent report called "Computer Assisted
Prescreening System Faces Significant Implementation
Challenges" that was issued by the Government Accounting
Office.
Here are some excerpts:
"TSA program officials said that testing government databases
for overall accuracy will be challenging. For example, TSA does
not know exactly what type of information the government
databases contain, such as whether a database will contain a
person's name and full address, a partial address, or no address
at all. Furthermore, a senior program official said that TSA has
no indication of the accuracy of information contained in
government databases. The official stated that using data without
assessing accuracy and mitigating data errors could result in
erroneous passenger assessments, and that government database
accuracy and mitigation measures will be completed before the
system is placed in operation."
"Although TSA plans to take measures to mitigate errors in
commercial and government databases used by CAPPS II, TSA
officials and commercial data providers stated that databases
determined to have an acceptable level of accuracy will likely still
contain errors. Consequently, in addition to using multiple
databases and a process to identify misspellings to correct errors
in commercial databases, TSA is also developing a redress
process whereby passengers can attempt to get erroneous data
corrected. However, it is unclear what access passengers will
have to information found in either government or commercial
databases, or who is ultimately responsible for making
corrections. Additionally, if errors are identified during the
redress process, TSA does not have the authority to correct
erroneous data in commercial or government databases. TSA
officials said they plan to address this issue by establishing
protocols with commercial data providers and other federal
agencies to assist in the process of getting erroneous data
corrected."
But will these protocols ensure effective follow-up? To get others
to "assist" in making corrections makes it sound as if the
commercial or government agencies keeping the databases are
doing aggrieved passengers a favor, not fulfilling what should be
an iron-clad responsibility to maintain the accuracy of their
databases. How many teeth will these protocols have? How
effective will the monitoring process be?
The GAO report credits the TSA for issuing plans that "appear
to address many of the requirements of the Privacy Act, the
primary legislation that regulates the government's use of
personal information."
However, the GAO report goes on to say: "In January 2003,
TSA published a proposed rule to exempt the system from seven
Privacy Act provisions but has not yet provided the reasons for
these exemptions, stating that this information will be provided in
a final rule to be published before the system becomes
operational. As a result, TSA's justification for these exemptions
remains unclear. Until TSA finalizes its privacy plans for CAPPS
II and addresses such concerns, we lack assurance that the
system will fully comply with the Privacy Act."
The Department of Homeland Security, in which the TSA is
housed, has a Chief Privacy Officer who, among other things, is
supposed to ensure DHS agencies are in compliance with
Privacy Act measures. However, how effective can the CPO be
in ensuring Privacy Act protection under CAPPS II when the
TSA is seeking a number of exemptions? Consider what is
stated below by the GAO report:
"...TSA plans to exempt CAPPS II from the Privacy Act's
requirements to maintain only that information about an individual
that is relevant and necessary to accomplish a proper agency
purpose. These plans reflect the subordination of the use
limitation practice and data quality practice (personal information
should be relevant to the purpose for which it is collected) to other
goals and raises concerns that TSA may
collect and maintain more information than is needed for the
purpose of CAPPS II, and perhaps use this information for new
purposes in the future. Further, TSA plans to limit the application
of the individual participation practice -- which states that
individuals should have the right to know about the collection of
personal information, to access that information, and request
correction -- by prohibiting passenger access to all personal
information about them accessed by CAPPS II. This raises
concerns that inaccurate personal information will remain
uncorrected in and continue to be accessed by CAPPS II."
The GAO report does admit that the actions to restrain the use
of Fair Application Policies -- international principles reflected in
the Privacy Act -- are not violating federal requirements. In
GAO's view, TSA is attempting a balance between privacy and
concerns regarding enforcement and administration.
The conclusion of the GAO report states: "Without proper
oversight, there is limited assurance that the system and its data
will be adequately protected against misuse, and that the system
is operating as intended...Lastly, given the concerns regarding the
protection of passenger data, the system cannot be fully
accepted if it lacks a comprehensive redress process for those
who believe they are erroneously labeled as an unknown or
unacceptable risk."
The DHS differs with key conclusions of the GAO report. They
stress that CAPPS II is still a system that is "under development"
but overarching privacy policies and redress mechanism have
been established.
The selective quoting in this commentary reflect the entire range
of concerns covered in the extensive 50-page GAO report and
the Department of Homeland Security's side, expressed in a
letter over two pages that was signed by Undersecretary for
Management Janet Hale, is clearly treated in passing in this
commentary. The report in its entirety and the DHS letter are
available on the GAO webpage.
It's worth noting that even The Heritage Foundation in a recent
webmemo called "Passenger Screening Program is Vital -- and
Vital to Get Right" by James Carafano, Paul Rosenzweig and Ha
Nguyen, asserts that "Several privacy and data protection
issues...should be addressed before CAPPS II is deployed" and
that congressional guidance is needed to "set criteria for data
accuracy, prevention of unauthorized use, privacy protection,
and redress procedures and should require guidelines and risk
mitigation strategies to prevent costs from spiraling out of
control."
If you travel frequently or have experienced problems with
government or commercial databases or both, then you have
every reason to want to learn more about CAPPS II, because
this system and its color-coded risk assessment will determine
whether you will be able to board a plane and take off to your
destination. The use of government and commercial databases
and their accuracy, the effectiveness of the privacy
protections that will be in place, and the procedures for effective
recourse for passengers who feel that they have been misrated
by CAPPS II are also significant concerns and certainly invite
questions.
The Senate Commerce Committee or one of its subcommittees
is expected to hold a hearing within the next few weeks on
CAPPS II. There's no better time than now to let the senators
and staff who serve on that committee know what
questions you want answered about this system.
Steve Lilienthal is Director of the Center for Privacy and
Technology Policy at the Free Congress Foundation.
Enter Stage Right -- http://www.enterstageright.com